Ubuntu USN-732-1 (dash)

Published: 2009-03-13 18:24:56
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Technical Details:
Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.

Summary:
The remote host is missing an update to dash announced via advisory USN-732-1.

Recommendations:
The problem can be corrected by upgrading your system to the following Linux Distribution Package versions:

Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1
Ubuntu 8.10: dash 0.5.4-9ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-732-1

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2009-0854
https://nvd.nist.gov/vuln/detail/CVE-2009-0675
https://nvd.nist.gov/vuln/detail/CVE-2009-0676
https://nvd.nist.gov/vuln/detail/CVE-2009-0759
https://nvd.nist.gov/vuln/detail/CVE-2009-0660
https://nvd.nist.gov/vuln/detail/CVE-2008-2086
https://nvd.nist.gov/vuln/detail/CVE-2008-5339
https://nvd.nist.gov/vuln/detail/CVE-2008-5340
https://nvd.nist.gov/vuln/detail/CVE-2008-5341
https://nvd.nist.gov/vuln/detail/CVE-2008-5342
https://nvd.nist.gov/vuln/detail/CVE-2008-5343
https://nvd.nist.gov/vuln/detail/CVE-2008-5344
https://nvd.nist.gov/vuln/detail/CVE-2008-5345
https://nvd.nist.gov/vuln/detail/CVE-2008-5347
https://nvd.nist.gov/vuln/detail/CVE-2008-5348
https://nvd.nist.gov/vuln/detail/CVE-2008-5350
https://nvd.nist.gov/vuln/detail/CVE-2008-5351
https://nvd.nist.gov/vuln/detail/CVE-2008-5353
https://nvd.nist.gov/vuln/detail/CVE-2008-5354
https://nvd.nist.gov/vuln/detail/CVE-2008-5356
https://nvd.nist.gov/vuln/detail/CVE-2008-5357
https://nvd.nist.gov/vuln/detail/CVE-2008-5358
https://nvd.nist.gov/vuln/detail/CVE-2008-5359
https://nvd.nist.gov/vuln/detail/CVE-2008-5360
https://nvd.nist.gov/vuln/detail/CVE-2009-0712
https://nvd.nist.gov/vuln/detail/CVE-2009-0713
https://nvd.nist.gov/vuln/detail/CVE-2008-4546
https://nvd.nist.gov/vuln/detail/CVE-2009-0037
https://nvd.nist.gov/vuln/detail/CVE-2009-0632
https://nvd.nist.gov/vuln/detail/CVE-2008-1922
https://nvd.nist.gov/vuln/detail/CVE-2009-0478

References:

http://www.ubuntu.com/usn/usn-732-1/

Severity:
High

CVSS Score:
10.0
